Sycamore Integrated Solutions Limited (also known as Sycamore/Sycamore.NG) will be the data controller for the data that you provide us or we collect in relation to the provision of our services to you. We respect your privacy and protecting your information is paramount. We want you to be informed and empowered with respect to your privacy when you use our services. Please read this Privacy Policy carefully before using our website or our mobile app listed on Google Play store (collectively “our site”) or registering to use our services. Together with our Terms and Cookies Policy, this Privacy Policy sets out our views and practices regarding your personal data and how we collect, process and treat it.

The collection and use of your data is in compliance with the National Information Technology Development Agency Act 2007 and the National Data Protection Regulation(NDPR) 2019.
This notice explains how we handle your personal data and our attitude towards data protection.

If you do not agree with the practices described in this policy, please do not use our services.

We collect and process information which:
You give to us when you register with us, such as your name and other personal details
You use when interacting with financial services on our site
We obtain from regulated credit Reference Agencies on your behalf
We collect about you based on your use of our site

2.1 The Personal Information You Give us or we Collect from You

You may give us information about you when you use our services or by communicating with us. This includes information you provide when you register to use our services, answer specific questions on our website, provide us with feedback, participate in surveys, and when you report a problem or complaint. The information you give us may include:

• Name
• Income
• User ID/Tag → We may assign a unique identifier to your account to facilitate the functionality and personalisation of the app
• Email address → Your email address is used for communication purposes, such as verification updates and customer support
• Date of birth → Your date of birth is needed to confirm you’re of age to access our services.
• Phone number → We collect your phone number to verify your account and communicate with you via SMS only when necessary to do so
• Address → We collect your address to confirm you live within an area we’re regulated to provide services in.
• Employment details → You may voluntarily provide your employment information such as where you work and your work experience to confirm how we
• Next of Kin information. → You may voluntarily provide your next of kin details so you can transfer any claims to the appropriate person in case of death or incapacity.
• Location Data → We collect precise and approximate location information from your mobile device. If you choose to verify your address to upgrade your transaction tier, we collect this data even when the app is closed or in the background. This is strictly used to confirm your residence for regulatory compliance (KYC) and to prevent identity fraud. We do not use this data for marketing or tracking your movements outside of the address verification window.
• Other information: Any additional information. you provide such as preferences or interests, helps us improve our services and customize your experience.

2.2 Financial Information

User Payment Info → If you make purchases through our site, we collect payment details necessary for completing the transactions securely
Purchase History → We retain a record of your purchase history to assist with customer service requests and to provide you with a better experience
Other Financial Info → Any other financial information provided by you for specific transactions or services within the App

2.3 Photos and Videos

Photos → With your consent only, we may ask to use the camera feature on your device to take photos which we will store to enable certain functionalities or features. We will not access the photos stored on your device and we will not ask for permission to do so.

2.4 Files and Docs

Files and Docs → Any file or doc we require with your consent will be provided by taking a photo of it with the camera functionality on your device. This will be stored to facilitate specific app functions and to further personalize & protect any financial information you give to us. We will not ask to access files & docs on your device.

2.5 Contacts

Contacts → We will not ask to access the contacts on your device. When using features that require contact information of a beneficiary, you will be asked to provide this with your consent and this is stored only provide customer support in case of a dispute.

2.6 Site info and Performance

Crash Logs →. We may collect crash logs in the event of a technical issue to improve the site performance and resolve problems efficiently.

2.7 Device IDs

Device ID → We may collect your device’s unique identifier to troubleshoot issues and enhance your user experience.

We use information we hold about you to provide our services to you, improve those services, administer your account, to fulfil our legal obligation, respond to your enquiries, customer support, manage our relationship with you, and communicate with you and to use information on an anonymous basis for research and analytical purposes.

3.1 Information you give to Us or We collect from Credit Reporting Bureaus, Partners or Other Third Parties on Your behalf as part of Our Services

• Administer your account and relationship with us and to, communicate with you by telephone, mail, email, text (SMS) message, push notification or other electronic means;
  Verify your identity as part of our identity authentication process;
• Provide you with information, products and services;
• Where you have provided your consent for us to market to you, provide you with information about other products and services we feel may interest you or be best for you;
• Notify you about changes to our services;
• Ensure that content from our website is presented in the most effective manner for you and your device;
• Aggregate it on an anonymous basis with other data for data analytical and reporting purposes; and
• Undertake analysis and profiling of your credit information in order to identify and inform you of credit products that we consider are likely to interest you or be suited to your credit circumstances or to enhance our services.

3.2 Information We Collect about You based on Your use of Our Website

• To administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
• To improve the services we offer you such as understanding the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
• As part of our efforts to keep our website safe and secure and to prevent fraud;
• To make recommendations about products or services that may be of interest.

3.3 Information We receive from Other Sources

We may combine this information with information you give to us and use this information and the combined information for the purposes set out above.

3.4 Recording Telephone Calls and Other Communications

We will use telephone recordings or transcripts of communications to check your instructions to us, analyse, assess and improve our services, for training and quality purposes and for the purposes of investigating any complaint you may make, or as evidence in any dispute between you and us.

3.5 Background Location Usage

To provide automated address verification; a core feature of our Tier 3 account upgrade. Sycamore requires access to your location in the background. This access allows our verification partner, OkHi, to accurately confirm your presence at your declared residential address over a specific verification window. This background access ensures high-fidelity verification and prevents fraud without requiring you to keep the app open for several minutes. Your data is encrypted and used solely for this purpose.

We do not sell, trade, or rent your personal personal information to third parties for marketing purposes. However, we may share your data under the following circumstances: With service providers, business partners and, contractors which help with app operations and services e.g. payment processors, cloud storage providers.

4.1 What We will never Do

Rest assured, we will never sell your information to third parties.

4.2 Who We may Share Your Data with

We may share your data with other third parties, such as our service providers, Credit Rating Bureaus, and Anti-Graft Agencies and Partners. We may need to disclose your data to others to ensure the smooth provision to you of the products, services and information you request. Your data may be disclosed to the other entities as described below. These third parties act on our instructions and are processors of your information. The personal information we have collected from you will be shared with Background Check agencies who will use it to verify your identity. We will share your data due to our legal obligation to ensure we meet know your customer (KYC) and anti-money laundering obligations under extant laws.

4.3 Sub-Processors

We may share your information with the following sub-processors to provide you with a unique experience:

• Google
• Microsoft
• SystemSpecs
• Paystack
• Korapay
• Flutterwave
• Nigerian Interbank Settlement System(NIBSS)
• OkHi

4.4 Selected Third Parties

We may also share your information with selected third parties including:

• Credit Rating Bureaus, to obtain your credit score and credit report on your behalf and to provide our services to you;
• Background Check agencies, to verify identity;
• Anti-graft agencies or other regulators to comply with our legal obligations;
• Product providers, such as our business partners who offer you credit cards, loans, car finance, mortgages, insurance, pensions, investments and other related products, to:

1. assess if you are an existing customer and for Background Check purpose;
2. conduct analysis to provide you with better products and services in the future, and for segmentation purposes;
3. pre-fill an application form with the product provider;
4. assess your probability of being accepted for a product

• Analytics and search engine providers that assist us in the improvement and optimisation of our service
• If we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets (or the buyer or seller’s advisers)
• If we or part or all of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets
• If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms and other agreements; or to protect the rights, property, or safety of Sycamore, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
  The Product provider does not have permission to use this data for any other purpose including marketing.
• Address Verification Partners (OkHi):
  To fulfill Central Bank of Nigeria (CBN) "Know Your Customer" (KYC) requirements, we share certain data with OkHi (OkHi Technology Limited). This includes your name, phone number, and location data. OkHi acts as a data processor to verify your residential address via their smart address technology. This process allows us to provide you with higher transaction limits. You can find more information on how OkHi handles data at www.okhi.com/privacy-policy

4.5 Credit Rating Bureaus

If you register to use our services we will obtain on your behalf, in accordance with our Terms, copies of your credit report and credit score from designated Credit Rating Bureau. In order to provide these services to you, we will share your information with such Credit Rating Bureaus. The information which we provide to the CRB may be supplied by them to other organisations such as Background Check Agencies and used by those organisations for the purposes of checking identity, preventing fraud, tracing and collection of debt. The CRB may also use the data to undertake statistical analysis. If you choose to apply for a product, the lender will undertake a full credit check and provide you with further privacy information for that product.

We make we have appropriate legal bases on which to collect, use and share data about you. If you have any questions about the lawful bases upon which we collect and use your personal data, you can contact our Data Protection Officer. Our lawful bases may include consent (where you have given consent), contract (where processing is necessary for the performance of a contract with you (such as delivering our core services to you) and, legal obligation, and our own legitimate interests.

We will always seek your consent to process certain types of information where we are legally required to do so. You have the right to withdraw or decline your consent at any time.

Processing your data is necessary for a contract you have with us, or because we have asked you to take specific steps before entering into that contract.

We offer you the opportunity to receive marketing information from us. You can opt out easily of receiving marketing from us at any time. We will normally send direct marketing by email if we have your email address, but may choose to contact you via other methods, such as push notifications to your devices. You may receive the following types of communications from us:

8.1 Product recommendations

We’ll get in touch with personalised, timely product recommendations that can help you improve your financial situation. We will only ever send these if you explicitly consent to receiving them and you can unsubscribe whenever you like.

8.2 Content communications

We’ll send you content such as tips, research, features and news, coaching programmes on how to keep on top of your money and other related content. You can unsubscribe from these at any time and we will never spam your inbox.

8.3 Core communications

We’ll send you your credit report every month, alerts whenever there is a change to your credit report, security alerts pertaining to your Sycamore account, significant changes which may impact our service and other such related content. These communications are an intrinsic part of owning a Sycamore account and cannot be opted-out of.
If you would like us to stop sending direct marketing to you, we offer simple ways to do this. Whenever you receive direct marketing you will be given an option to unsubscribe. You can also tell us that you do not wish to receive any more marketing communications at any time by writing, with your full name, address and other contact details (to enable us to find your records), to: Data Protection Officer Sycamore.NG

We take the security of your data very seriously and use strict procedures to protect it. Whenever we transfer personal data Nigeria, we ensure that appropriate safeguards are in place to protect the data. All information you provide to us is stored on our secure servers. We do our best to protect your personal data, but we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access, loss or damage. Where possible, we try to only process your information within Nigeria. If we or our service providers transfer personal data outside Nigeria, we always require that appropriate safeguards are in place to protect the information when it is processed.

While your account remains active, we keep your information for no longer than is necessary depending on the purpose for which we are using it. We will keep your credit information for an initial period not less than six (6) years from the date such information is provide, and archived for a period of ten (10) years in compliance with the provision of Section 5 of the Credit Reporting Act, 2017. How long we keep your information will depend on the purpose for which we use it. While you are a customer of ours, we will only retain your information for as long as is necessary for those purposes. After termination of your account, we may continue to use anonymised data (which does not identify individual users) which is aggregated with anonymised data of other users. We use this aggregated anonymised data for data analysis and research purposes, for example to gain insights about our users. We may also keep your email address to ensure that you no longer receive any communications from us as well as your name, date of birth and latest address for Background Check purposes and for the exercise or defence of a legal claim.

Our website may, from time to time, contain links to and from the websites of our partner networks and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy notices and that we do not accept any responsibility or liability for these policies.

We use an automated decision making system to make automated decisions based on personal information we have about you. This helps us to make sure our decisions are quick and fair, based on what we know. We use automated processing for the following purposes:

• 12.1 Identity verification - We use an automated decision making system to verify the details you provide against those held by third party providers. If you do not pass the check using the automated system, we cannot provide our services to you without being able to verify your identity.
• 12.2 Tailored products and services - We may use your information to predict the probability that you may be accepted for a product, or to determine the best order or manner in which to display products to you.
• 12.3 Tailored communications - We want to make sure we’re only sending you emails that are relevant to you, and so we will use your personal information to determine which content you may be more interested in receiving. You’ve the right not to be subject to a decision based solely on automated processing, including profiling. We understand that not everyone is comfortable with decisions being left entirely up to machines. If you have any questions about automated decision making, please contact us via [email protected] .

You can exercise specific rights with regards to the data that we hold about you. You will be able to:

• 13.1 Correct your data - you will usually be able to amend any information that we hold about you that is inaccurate or incomplete through the settings in your account;
• 13.2 Request access to your data - you can ask for access to the personal data that we hold about you so that you can check that we are using your information in accordance with data protection law;
• 13.3 Erase your data - you can ask us to fully or partially delete your personal data where there is no compelling reason for us to keep using it, although we may not be able to continue to provide our services. We may keep your email address to make sure the restriction is respected in future. We also have the right to continue using your information if such usage is necessary for compliance with our legal obligations;
• 13.4 Download your data or send it to another controller - you can obtain a copy of the data you provided us in a machine-readable format. In addition, where certain conditions apply, you have the right to have such information transferred directly to a third party;
• 13.5 Restrict the use of your data - You have the right to 'block' or suppress further use of your information in certain circumstances (for example, where you think the information we are using about you is inaccurate, whilst we verify its accuracy). When usage is restricted, we can still store your information, but may not use it further;
• 13.6 Right to withdraw consent - If you have given your consent for us to use your information, you have the right to withdraw your consent at any time. This can be done by contacting our Data Protection Officer;
• 13.7 Right to lodge complaint with the Regulator: - If you are not satisfied with our response to any complaints you raise with us or you believe our processing of your information does not comply with the data protection law, we suggest you contact our Data Protection Officer. However, you can make a complaint to the Central Bank of Nigeria or the National Information Technology Development Agency.

For the exercise of any of your rights, you can also contact us at [email protected]

We may send you SMS messages for purposes such as account verification, transaction alerts, and marketing communications.
Transactional Messages: These are essential for the operation of your account and cannot be opted out of.
Marketing Messages: You have the right to opt in or out of receiving marketing/transactional-related SMS messages.

How to Manage Your Preferences

You can manage your SMS communication preferences by:
Contacting our customer support at [email protected] or calling 0201 700 3497.
We will process your request promptly in accordance with applicable laws and regulations.

Sycamore is committed to protecting personal data in accordance with the Nigeria Data Protection Act 2023, regulations issued by the Nigeria Data Protection Commission (NDPC), applicable Central Bank of Nigeria (CBN) regulations, and other applicable laws.
To achieve this, Sycamore:

• Maintains a Data Protection Officer (DPO);
• Implements data protection policies, procedures and staff training programmes;
• Conducts Data Protection Impact Assessments (DPIAs) where required;
• Enters into appropriate Data Processing Agreements with service providers;
• Implements appropriate technical and organisational security measures to protect personal data and;
• Undertake such other measures as may be necessary to ensure compliance with applicable data protection, privacy, cybersecurity, and regulatory requirements.

To comply with Know Your Customer (KYC), Anti-Money Laundering (AML), Counter-Terrorism Financing (CTF), Counter-Proliferation Financing (CPF), sanctions screening, fraud prevention and regulatory requirements, Sycamore may collect, verify, process and retain: BVN; NIN; Government-issued identification documents; Selfie photographs; Facial verification and liveness data; Signature information; Address verification information; Transaction and account activity information and such other information as may be required for lawful business, compliance, risk management, operational, security, or regulatory purposes.

Sycamore may: Conduct customer due diligence and enhanced due diligence; Verify source of funds and source of wealth where required; Screen customers against sanctions lists, watchlists, politically exposed person (PEP) databases and adverse media sources; Monitor transactions, devices, login activities and behavioural patterns for fraud prevention and regulatory compliance; Restrict, suspend or decline transactions or accounts where required by law, regulation or internal risk controls; and Share information with regulators, law enforcement agencies, financial institutions, payment service providers, credit bureaus and fraud prevention agencies where permitted or required by law as may be necessary or appropriate under applicable law or Sycamore's internal policies.

Sycamore may also use CCTV systems and security monitoring tools at its offices, events, activation centres and partner locations for security, safety and fraud prevention purposes.

Where users participate in any promotion, giveaway, referral programme, loyalty programme, prediction league, competition, survey, reward programme, contest or marketing campaign organised by Sycamore, Sycamore may collect and process: Registration information; Referral information; Competition entries and predictions; Prize eligibility information; Campaign participation records; Uploaded photographs, videos and content; Leaderboard information; and Campaign engagement metrics.

Such information may be used to: Administer campaigns and promotions; Verify participant eligibility; Prevent fraud and abuse; Distribute prizes and rewards; Publish winners where applicable; Maintain leaderboards; and Evaluate campaign performance and effectiveness.

Where users voluntarily submit testimonials, reviews, comments, photographs, videos or other content, such information may be used for customer engagement, promotional and campaign-related purposes subject to applicable laws and any consent requirements.

Sycamore may also use cookies, analytics tools, pixels, SDKs and similar technologies to improve services, measure campaign effectiveness, enhance security, personalise user experiences and support marketing activities. Users may manage applicable preferences through browser, device or platform settings.

Users have the right, subject to applicable law, to: Access their personal data; Correct inaccurate information; Request deletion of personal data; Restrict or object to processing; Withdraw consent where consent is the lawful basis of processing; Request data portability; Lodge complaints with the Nigeria Data Protection Commission (NDPC), the Central Bank of Nigeria (CBN), the Federal Competition and Consumer Protection Commission (FCCPC), or any other competent regulatory authority.

Sycamore may verify the identity of individuals before responding to privacy requests and may retain records of such requests for compliance and audit purposes.

In the event of a personal data breach that is likely to result in a risk to data subjects, Sycamore shall notify affected individuals and relevant regulatory authorities as required by law.

Sycamore may amend this Privacy Policy from time to time and will communicate material changes through appropriate channels.

This Privacy Policy shall be governed by the laws of the Federal Republic of Nigeria, including the Nigeria Data Protection Act 2023, applicable NDPC regulations, CBN regulations, consumer protection laws, cybersecurity laws and financial crime prevention laws.

World Cup “Predict and Win” Campaign • Effective: June 11, 2026 • Last updated: June 11, 2026

Sycamore (“the Company”, “we”, “us” or “our”) is committed to protecting your personal data. This Policy explains what we collect, why, and how we handle it when you take part in our World Cup Predict and Win campaign on our website and mobile app. It is issued in accordance with the Nigeria Data Protection Act 2023 (the “NDPA”). By entering the campaign, you confirm that you have read and understood this Policy.

1. Who We Are The Company is the data controller for the campaign. We determine how and why your personal data is processed, and we are responsible for compliance with the NDPA and the directives of the Nigeria Data Protection Commission (NDPC).
2. Age Restriction The campaign is open only to persons aged 18 and above. We do not knowingly collect data from minors. If we become aware that a minor has entered, the entry and all associated data will be deleted.
3. The Data We Collect All participants: full name, email address, and an active Nigerian phone number (for campaign updates and mobile wallet payouts). Verified winners only: delivery address (for physical prizes); bank account details (for cash prizes); and, where legally required, Bank Verification Number (BVN) or government-issued ID, used solely to verify identity, prevent fraud, and meet anti-money laundering obligations.
4. Why We Process Your Data We process your personal data under Section 25 of the NDPA on the following lawful bases: • Consent – given when you register and opt into the prediction draw; • Contract – to record your predictions, run the leaderboard, and deliver prizes; • Legal obligation – to keep winner records required under tax, consumer protection, and National Lottery Regulatory Commission (NLRC) rules; • Legitimate interest – to protect campaign integrity by detecting bots, duplicate accounts, and fraudulent entries.
5. Winner Publicity To demonstrate that the draw is fair, we may publish limited winner details first name, a partially masked phone number (e.g., 0803***1234), and general location (e.g., Ikeja, Lagos) — on our website and official social media channels. No full contact or banking details are ever published.
6. Who We Share Data With We do not sell your personal data. We share it only with: • licensed Nigerian payment providers and banks, to process cash prizes; • vetted courier and logistics partners, to deliver physical prizes; and • regulators, including the NLRC and the Federal Competition and Consumer Protection Commission (FCCPC), where required for audits or by law.
7. How Long We Keep Your Data • Unsuccessful entrants: up to three (3) months after the tournament ends, then securely deleted. • Winners: up to two (2) years, for audit, tax, and regulatory purposes.
8. Where Your Data Is Stored Your data is stored on secure servers in Nigeria. Where limited backend transfers outside Nigeria are necessary, we ensure protection equivalent to the NDPA through appropriate safeguards, including standard contractual clauses.
9. Your Rights Under the NDPA, you may at any time request: • a copy of the personal data we hold about you; • correction of inaccurate or incomplete information; • deletion of your data, subject to legal retention requirements; • restriction of, or objection to, processing — including for marketing; and • portability of your data to another service. To exercise any of these rights, contact our Data Protection Officer at [insert email address]. We will respond within the timelines required by law.
10. Complaints If you are dissatisfied with how we have handled your data, please contact us first so we can resolve the matter. You also have the right to lodge a complaint with the Nigeria Data Protection Commission at https://ndpc.gov.ng.
11. Changes to This Policy We may update this Policy from time to time to reflect changes to the campaign or to Nigerian law. The latest version will always be available on our website and in the app, with the date of the most recent update shown above